azure-storage icon indicating copy to clipboard operation
azure-storage copied to clipboard

Published 20 hours ago verified publisher icon nestjs

Add SAS Key generation service

Open DimosthenisK opened this issue 5 years ago • 2 comments

I'm submitting a...


[ ] Regression 
[ ] Bug report
[x] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.

Current behavior

Currently, you pass the SAS key during the module registering with the withConfig method. This is undesirable, as they keys expire and you might want to change them or configure them better.

Expected behavior

There should be an option to generate the SAS key via the module, using an account name and key.

Minimal reproduction of the problem with instructions

What is the motivation / use case for changing the behavior?

SAS keys expire and there should be more control over them.

Environment


Nest version: 6.7.2

 
For Tooling issues:
- Node version: 12.10  
- Platform: Windows 

Others:

DimosthenisK avatar Oct 01 '19 14:10 DimosthenisK

I have already created a quick service like that, and you are free to modify it and add it to the core module. It currently looks like this:

import { Injectable } from '@nestjs/common';
import * as azure from '@azure/storage-blob';
import { ConfigService } from '../config/config.service';
import {
    AccountSASServices,
    AccountSASResourceTypes,
} from '@azure/storage-blob';

@Injectable()
export class AzureSASService {
    private credential: azure.SharedKeyCredential;
    constructor(private readonly configService: ConfigService) {
        this.credential = new azure.SharedKeyCredential(
            this.configService.get('AZURE_STORAGE_ACCOUNT'),
            this.configService.get('AZURE_STORAGE_ACCOUNT_KEY')
        );
    }
    getNewSASKey() { //We should probably add a config object here
        let expiryTime = new Date();
        let startTime = new Date();
        expiryTime.setMonth(new Date().getMonth() + 1);
        startTime.setFullYear(startTime.getFullYear() - 10);
        return (
            '?' +
            azure
                .generateAccountSASQueryParameters(
                    {
                        expiryTime,
                        services: AccountSASServices.parse('b').toString(),
                        resourceTypes: AccountSASResourceTypes.parse(
                            'sco'
                        ).toString(),
                        permissions: azure.ContainerSASPermissions.parse(
                            'racwdl'
                        ).toString(),
                        startTime,
                        ipRange: { start: '0.0.0.0', end: '255.255.255.255' },
                        protocol: azure.SASProtocol.HTTPSandHTTP,
                        version: '2018-11-09',
                    },
                    this.credential
                )
                .toString()
        );
    }
}

DimosthenisK avatar Oct 01 '19 14:10 DimosthenisK

May I ask if there is any update on this issue.

Granting access to resources using SAS signed url is pretty common use case of Azure Blob Storage. Sometimes we don't want to use our server bandwidth for download and upload actions. The server might only take care of access management.

I could help with drafting the feature and raise a PR if help is wanted.

Roytangrb avatar Dec 26 '20 07:12 Roytangrb